The Cost of Unreliability

The Issue

When an influential energy sector organisation ran into ongoing reliability problems with their mission-critical firewall infrastructure their incumbent support partner and vender recommended the approach of replacing their existing single firewall with a complex and expensive firewall cluster.

The estimated cost for the replacement was $70,000 for the hardware and software alone. The proposed solution was viewed with some scepticism by the client and so an alternate proposal was sought from DMZGlobal.

The Solution

When DMZGlobal's Senior Security Consultants initially discussed the systems requirements with the client they were concerned by the apparent unreliability of the Check Point Firewall-1 software that they were operating. Their firewall was regularly losing VPN connections to their business partners and clients causing considerable operational impact. This seemed out of step with DMZGlobal's extensive experience with Check Point firewall products.

In addition it became apparent that the client's reliance on Internet connectivity was not reflected in the overall systems design that was in place, and that the suggested firewall cluster would only address part of the problem.

A review of the client's firewall quickly revealed the root cause of the unreliability. The firewall had been operating for over 12 months but incomprehensibly, had no updates or patches applied to the software or the operating system including patches to address VPN instability.

DMZGlobal strongly recommended that the client did not go ahead with the proposed firewall replacement but rather that the existing firewall be upgraded and integrated into DMZGlobal's "Network Boundary Management” service, DMZBoundary. DMZGlobal's consultants were confident that they could make the existing platform stable and that the client would benefit significantly from the service's security and availability management.

In addition the Consultants recommended that DMZGlobal install a DMZInternet connection to act as a fully redundant Internet path to protect against future firewall problems, networking issues or Internet Service Provider (ISP) failures. In addition to the increased availability this service would also mean that the client's inbound and outbound email, HTTP and FTP traffic would be scanned for viruses and worms, so adding another layer of protection to their mission critical systems..

The Outcome

When the client compared the relative costs and benefits offered by the DMZGlobal approach it became clear to them that not only was DMZGlobal willing to commit to resolving the problems with the existing firewall but would also provide other significant business benefits including:

Expert 24x7 security and systems management

Systems management and patching to provide ongoing security and reliability

A highly available solution providing network and Internet connection diversity

The client selected DMZGlobal as their service provider and the new design was implemented over an eight week period. During the service implementation the existing onsite firewall's software was patched appropriately, eliminating the unreliability that had been experienced.

Over the following three years the client has experienced better than 99.99% systems availability while significantly increasing their security capability and eliminating all viruses and worms from their network. The client views that the apparent cost of the managed service is truly offset by the operational efficiencies and the overall reliability achieved.